Sensitive pages could be cached
Description
The application serves pages containing sensitive information (such as authentication credentials, session tokens, or personal data) without proper cache-control directives. This allows browsers, intermediary proxies, CDNs, and SSL/TLS terminators to store copies of these pages in their caches. Even when transmitted over HTTPS, cached sensitive data may persist in various cache layers, potentially exposing it to unauthorized access through shared devices, proxy servers, or cache inspection.
Remediation
Configure the web server or application to send appropriate HTTP response headers that prevent caching of sensitive pages. Add the following headers to all responses containing sensitive information:
Required Headers:
Cache-Control: no-store, no-cache, must-revalidate, private
Pragma: no-cache
Expires: 0
Implementation Examples:
For Apache (.htaccess or httpd.conf; requires mod_headers to be enabled):
<FilesMatch "\.(html|php|jsp)$">
Header set Cache-Control "no-store, no-cache, must-revalidate, private"
Header set Pragma "no-cache"
Header set Expires "0"
</FilesMatch>
For Nginx:
location /sensitive-path/ {
add_header Cache-Control "no-store, no-cache, must-revalidate, private";
add_header Pragma "no-cache";
add_header Expires "0";
}
Note that add_header directives in a location block replace, rather than extend, any add_header directives inherited from the enclosing server or http block, and without the always parameter Nginx adds them only to 2xx and 3xx responses.
For application-level implementation (e.g., Express.js):
app.use((req, res, next) => {
res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, private');
res.setHeader('Pragma', 'no-cache');
res.setHeader('Expires', '0');
next();
});
Verify the fix by inspecting HTTP response headers using browser developer tools or command-line tools like curl.
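The following script automates that verification step. It is an added example and not part of the original advisory: it parses a response's Cache-Control value and reports any gap against the header set listed under Required Headers, including the common mistake of sending no-cache without no-store (no-cache only forces revalidation; no-store is what prevents the response being written to a cache). The two sample header sets are constructed for illustration, and fetch_headers is a hypothetical helper for running the same check against a live URL.

```python
"""Audit HTTP response headers for the anti-caching directives this advisory
requires. Added example, not part of the original advisory; the sample
responses below are constructed for illustration."""
from typing import Dict, List, Optional
import urllib.request

# Directives the advisory requires on responses carrying sensitive data.
REQUIRED_DIRECTIVES = {"no-store", "no-cache", "must-revalidate", "private"}


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Split a Cache-Control value into {directive: argument-or-None}.

    Directive names are case-insensitive, so they are lowercased; quoted
    arguments (e.g. max-age="0") have their quotes removed.
    """
    directives: Dict[str, Optional[str]] = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the response carries the
    full header set the advisory asks for."""
    findings: List[str] = []
    # Header names are case-insensitive, so normalise the lookup table.
    lower = {name.lower(): value for name, value in headers.items()}

    cache_control = lower.get("cache-control")
    if cache_control is None:
        findings.append("Cache-Control header is missing; caches may store the response")
    else:
        directives = parse_cache_control(cache_control)
        if "no-store" not in directives:
            findings.append(
                "Cache-Control lacks no-store (no-cache alone only forces "
                "revalidation; the response may still be written to a cache)"
            )
        if "public" in directives:
            findings.append("Cache-Control marks the response public (shared caches may store it)")
        max_age = directives.get("max-age")
        if max_age not in (None, "0"):
            findings.append(f"Cache-Control allows reuse for {max_age} seconds (max-age)")
        other_missing = sorted((REQUIRED_DIRECTIVES - {"no-store"}) - set(directives))
        if other_missing:
            findings.append("Cache-Control missing directives: " + ", ".join(other_missing))

    if lower.get("pragma", "").strip().lower() != "no-cache":
        findings.append("Pragma: no-cache is missing (needed for HTTP/1.0 caches)")
    if "expires" not in lower:
        findings.append("Expires header is missing")
    return findings


def fetch_headers(url: str) -> Dict[str, str]:
    """Hypothetical live-check helper: fetch a URL and return its response
    headers so they can be passed to audit_headers(). Assumes the target is
    reachable; the offline samples below do not call it."""
    with urllib.request.urlopen(url) as response:
        return dict(response.headers.items())


# Constructed samples: a response a cache may store, and one that carries the
# advisory's full header set.
WEAK_RESPONSE = {"Content-Type": "text/html", "Cache-Control": "public, max-age=3600"}
HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "Cache-Control": "no-store, no-cache, must-revalidate, private",
    "Pragma": "no-cache",
    "Expires": "0",
}

if __name__ == "__main__":
    for label, headers in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        findings = audit_headers(headers)
        print(f"{label}: {'OK' if not findings else 'FINDINGS'}")
        for finding in findings:
            print("  -", finding)
```

Run it as-is to see the two constructed samples audited; to check a deployed page, pass the result of fetch_headers(url) to audit_headers(). A response that only sends Cache-Control: no-cache is reported as a gap, because browsers and proxies may still store such a response and merely revalidate it on reuse.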